- 24 FEB
Compliance with the General Data Protection Regulation (GDPR) in Oracle
Over the coming years, the European Union will change the way companies protect personal data. The new General Data Protection Regulation (GDPR), adopted on April 27th, 2016, will be mandatory for all companies and institutions in the continent as of May 25th, 2018; it is the biggest revolution in data protection in the last three decades.
Companies and entities will now have to report security breaches to the Data Protection Agency, and this agency may even require them to make public the details of the attacks they suffer. In addition, public entities will be required to have a data protection delegate. This measure also affects companies, although the amount of data processed and the susceptibility to attacks depend on the number of employees. As a result of all this, it is expected that over the years cybersecurity will have the same presence in companies that occupational risk prevention has today.
The new European legislation shifts the focus of security from infrastructure (networks, firewalls, etc.), where security investment has been concentrated in the past, to people, that is, to identity and access management.
This paradigm shift derives from the twofold requirement of applying the GDPR: managing the privacy and security of data preventively and, in addition, being able to demonstrate compliance and accountability.
To make the new regulatory framework easier to understand and to help you adapt to the changes it introduces, we present the most frequently asked questions:
- Does the establishment of the new GDPR mean that the old Organic Law on Data Protection is no longer applicable?
No. The regulation entered into force on the 25th of May 2016, but will not be applicable until the 25th of May 2018. Until then, both Directive 95/46 and the national standards transposing it, including the Spanish one, remain fully valid and applicable.
- What new data control tools do citizens have?
The regulation introduces new elements, such as the right to be forgotten and the right to portability, which improve citizens’ decision-making and control over personal data they entrust to third parties.
- What does the active responsibility included in the Regulation imply?
Companies must take measures that reasonably ensure that they are able to comply with the principles, rights and guarantees established by the Regulation. The Regulation understands that acting only when an infringement has already occurred is insufficient as a strategy, since the infringement may cause injury to the parties which may be very difficult to compensate or repair.
- Does it change the way consent is to be obtained?
The Regulation requires that consent, in general, be conscious, informed, specific and unequivocal. Consent can be inferred from the silence or inaction of citizens.
- Should companies review their privacy policies?
In general, yes. The Regulation requires the information provided to data subjects to include a number of items that were not necessarily mandatory under the Directive and many national transposing laws.
- Do companies have to start implementing the measures provided for in the Regulation?
No. The Regulation is active, but will not be applicable until 2018.
At Acevedo, we want your company's Oracle systems to adapt to the new regulations as smoothly as possible and without surprises; we therefore offer you our know-how to help with the necessary changes. We provide advice on the tools suitable for the following tasks:
- Managing access restrictions in Oracle
- Auditing access to sensitive data in your Oracle databases
- Masking data in non-production environments
- Encrypting data both in transit and stored in Oracle